Cryptographic co-processors can perform several functions such as generating encryption keys, storing secrets, encrypting data, decrypting data, signing data, verifying signatures or other functions. One particular function of a cryptographic processor may be to perform symmetric algorithm encryption and decryption. In other words, the same key is used to encrypt and to decrypt a message. Due to the security concerns of various countries, there are governmental restrictions regarding the importation/exportation of cryptographic processors that perform symmetric key encryption and decryption. In recent years, the Trusted Computing Group (TCG) designed the Trusted Platform Module (TPM) to perform certain cryptographic functions without violating these restrictions. For example, the TPM is designed not to export a symmetric encryption/decryption function.
Access to cryptographic functions can provide benefits to various entities of a computing platform. For example, a Basic Input/Output System (BIOS) could implement digital signature verification to ensure a BIOS flash image is authentic. Also, a BIOS could implement an RSA algorithm to wrap a symmetric key for securely exchanging the symmetric key between the BIOS and an operating system component. Also, a BIOS could implement symmetric key encryption and decryption to securely encrypt and decrypt data transferred between the BIOS and an operating system. Configuring a BIOS (or other entity) to perform cryptographic functions such as those described above increases the size of the BIOS code and requires the ability to store secrets. Thus, a larger and more expensive flash memory is needed to store the BIOS image and protected non-volatile storage is needed to store secrets. It would be desirable if a BIOS (or other platform entity) could utilize the TPM's cryptographic functions without violating existing governmental import/export restrictions.